A shell script question

Brian Densmore DensmoreB at ctbsonline.com
Tue Feb 24 19:48:47 CST 2004


> -----Original Message-----
> From: Jonathan Hutchins
> 
> On Tuesday, February 24, 2004 09:17 am, Brian Densmore wrote:
> 
> > The rootkit they hit me with takes tripwire down too.
>  
> You should still be able to run Tripwire using the signature 
> file you saved to 
> off-line media and come up with a list of all the files they 
> changed.  
> (That's why you save a sig file off-line.  You did do that, 
> didn't you?)
Nope, wasn't running Tripwire or any off-line scanning tools.
It was my first server, and I just wanted to see what kind of 
attacks I would get and how secure a default "secured" setup
would get me. It'd still be intact had I been more religious
about maintaining service updates. So the bottom line here
is that a decent Linux hardening tool (Bastille) is pretty darn
good, but only as good as the maintainer ensuring that timely 
updates are done. Which made the server immune from most likely
any but 0 day hacks. Now I plan on putting some real stuff on it
and want to crank up my security a bit to make it worthy of a
commercial implementation. The first one was really just a honeypot,
that took the black hats 4 years and lax maintenance on my part to
crack.

Brian
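
The off-line baseline comparison Jonathan describes in the quoted text, sketched as an added example; it is not part of either poster's message and is not Tripwire's own code. It assumes GNU `sha256sum`; the function names `make_baseline`, `compare_baseline` and `demo` are hypothetical, and the demo tree is constructed.

```shell
#!/bin/sh
# Added example: minimal Tripwire-style baseline check (assumes GNU sha256sum).

# make_baseline DIR: print "hash  ./relative/path" for every regular file.
# Relative paths let the manifest be checked from a rescue boot or other mount.
make_baseline() (
    cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2
)

# compare_baseline DIR MANIFEST: list drift; exit 0 if clean, 1 if anything changed.
compare_baseline() (
    current=$(mktemp) || exit 2
    trap 'rm -f "$current"' EXIT
    make_baseline "$1" > "$current" || exit 2
    report=$(awk '
        FILENAME == ARGV[1] { old[substr($0, 67)] = substr($0, 1, 64); next }
        {
            path = substr($0, 67); seen[path] = 1
            if (!(path in old)) print "ADDED   " path
            else if (old[path] != substr($0, 1, 64)) print "CHANGED " path
        }
        END { for (p in old) if (!(p in seen)) print "MISSING " p }
    ' "$2" "$current" | LC_ALL=C sort)
    [ -z "$report" ] && exit 0
    printf '%s\n' "$report"
    exit 1
)

# Constructed demo: baseline a throwaway tree, alter it, then compare.
demo() (
    root=$(mktemp -d) || exit 2
    trap 'rm -rf "$root"' EXIT
    mkdir -p "$root/sys/bin" "$root/offline"      # "offline" stands in for removable media
    for f in ls ps netstat; do printf 'original %s\n' "$f" > "$root/sys/bin/$f"; done
    make_baseline "$root/sys" > "$root/offline/manifest"
    printf 'modified ls\n' > "$root/sys/bin/ls"   # content replaced
    rm "$root/sys/bin/netstat"                    # file removed
    printf 'new\n' > "$root/sys/bin/.hidden"      # file added
    compare_baseline "$root/sys" "$root/offline/manifest"
)

demo || echo "drift detected (exit status $?)" >&2
```

The result is only as trustworthy as the manifest and the tools that read it, so both the saved manifest and the `sha256sum`, `find` and `awk` binaries should come from read-only or off-line media when checking a host that may already be compromised.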



